Analysis
max time kernel: 149s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 15/03/2024, 19:50

Static task: static1 (1 signatures)
Behavioral task: behavioral1
Sample: 507703086a714cd398fddd365702e2cd369e0781b7af82bfbaec57b3d970fab1.exe
Resource: win7-20240221-en
6 signatures
150 seconds
General
Target: 507703086a714cd398fddd365702e2cd369e0781b7af82bfbaec57b3d970fab1.exe
Size: 286KB
MD5: b8ed05150c2acc7cd9502311a5afd1db
SHA1: 80cb53289df483e6481985cf1dd25e55fd581d44
SHA256: 507703086a714cd398fddd365702e2cd369e0781b7af82bfbaec57b3d970fab1
SHA512: 4671952efd651eb8a1d058185e139f9151af6dddac1d62048342543a4647d09f59ea4ffe95d4308018ea7fda5e578cdae0b331f88d8df64d18bbc37f1f237cc0
SSDEEP: 3072:ThOm2sI93UufdC67cipfmCiiiXAQ5lpBoGYwNNhu0CzhKPf:Tcm7ImGddXlWrXF5lpKGYV0wh6f
Malware Config
Signatures
Detect Blackmoon payload 64 IoCs
UPX dump on OEP (original entry point) 64 IoCs
Executes dropped EXE 64 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
C:\Users\Admin\AppData\Local\Temp\507703086a714cd398fddd365702e2cd369e0781b7af82bfbaec57b3d970fab1.exe"C:\Users\Admin\AppData\Local\Temp\507703086a714cd398fddd365702e2cd369e0781b7af82bfbaec57b3d970fab1.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:4832 -
\??\c:\vjpdv.exec:\vjpdv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1932 -
\??\c:\tnhhnh.exec:\tnhhnh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1060 -
\??\c:\vvppp.exec:\vvppp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1400 -
\??\c:\lfflflx.exec:\lfflflx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4204 -
\??\c:\3rllflf.exec:\3rllflf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:976 -
\??\c:\vdjvd.exec:\vdjvd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1532 -
\??\c:\nntbtt.exec:\nntbtt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3008 -
\??\c:\nhnnhh.exec:\nhnnhh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4396 -
\??\c:\lfrrlfl.exec:\lfrrlfl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4496 -
\??\c:\hhnhbh.exec:\hhnhbh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2148 -
\??\c:\pvpdv.exec:\pvpdv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:432 -
\??\c:\ppvpp.exec:\ppvpp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4864 -
\??\c:\5lfrlfx.exec:\5lfrlfx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3808 -
\??\c:\jddvp.exec:\jddvp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2284 -
\??\c:\lrrlffx.exec:\lrrlffx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3964 -
\??\c:\5ttbhb.exec:\5ttbhb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2276 -
\??\c:\7vddd.exec:\7vddd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:996 -
\??\c:\xrfxxlx.exec:\xrfxxlx.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:756 -
\??\c:\bbnnhh.exec:\bbnnhh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2308 -
\??\c:\vvppj.exec:\vvppj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3948 -
\??\c:\xffllll.exec:\xffllll.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4272 -
\??\c:\bhhhhn.exec:\bhhhhn.exe23⤵
- Executes dropped EXE
PID:2768 -
\??\c:\ntbttt.exec:\ntbttt.exe24⤵
- Executes dropped EXE
PID:4848 -
\??\c:\5vvpp.exec:\5vvpp.exe25⤵
- Executes dropped EXE
PID:3244 -
\??\c:\tttnnn.exec:\tttnnn.exe26⤵
- Executes dropped EXE
PID:3152 -
\??\c:\jjddd.exec:\jjddd.exe27⤵
- Executes dropped EXE
PID:4244 -
\??\c:\bbnnth.exec:\bbnnth.exe28⤵
- Executes dropped EXE
PID:2524 -
\??\c:\tnnttb.exec:\tnnttb.exe29⤵
- Executes dropped EXE
PID:1216 -
\??\c:\jpdvv.exec:\jpdvv.exe30⤵
- Executes dropped EXE
PID:1984 -
\??\c:\fxxfffr.exec:\fxxfffr.exe31⤵
- Executes dropped EXE
PID:4780 -
\??\c:\tnnhnt.exec:\tnnhnt.exe32⤵
- Executes dropped EXE
PID:2080 -
\??\c:\dvvvv.exec:\dvvvv.exe33⤵
- Executes dropped EXE
PID:4324 -
\??\c:\dvpvj.exec:\dvpvj.exe34⤵
- Executes dropped EXE
PID:752 -
\??\c:\rflrrrf.exec:\rflrrrf.exe35⤵
- Executes dropped EXE
PID:4440 -
\??\c:\tntbbb.exec:\tntbbb.exe36⤵
- Executes dropped EXE
PID:1992 -
\??\c:\5dpjp.exec:\5dpjp.exe37⤵
- Executes dropped EXE
PID:696 -
\??\c:\rrllfff.exec:\rrllfff.exe38⤵
- Executes dropped EXE
PID:1732 -
\??\c:\ffxrrxx.exec:\ffxrrxx.exe39⤵
- Executes dropped EXE
PID:3844 -
\??\c:\5vvpp.exec:\5vvpp.exe40⤵
- Executes dropped EXE
PID:3284 -
\??\c:\ppvvp.exec:\ppvvp.exe41⤵
- Executes dropped EXE
PID:4756 -
\??\c:\btbbtb.exec:\btbbtb.exe42⤵
- Executes dropped EXE
PID:4020 -
\??\c:\htttnn.exec:\htttnn.exe43⤵
- Executes dropped EXE
PID:3572 -
\??\c:\ppvpp.exec:\ppvpp.exe44⤵
- Executes dropped EXE
PID:1780 -
\??\c:\vvjjd.exec:\vvjjd.exe45⤵
- Executes dropped EXE
PID:2660 -
\??\c:\thhbtn.exec:\thhbtn.exe46⤵
- Executes dropped EXE
PID:1868 -
\??\c:\bntnnn.exec:\bntnnn.exe47⤵
- Executes dropped EXE
PID:2976 -
\??\c:\pjpjp.exec:\pjpjp.exe48⤵
- Executes dropped EXE
PID:1912 -
\??\c:\7rrlflx.exec:\7rrlflx.exe49⤵
- Executes dropped EXE
PID:3192 -
\??\c:\nbhtnn.exec:\nbhtnn.exe50⤵
- Executes dropped EXE
PID:3972 -
\??\c:\vdjjj.exec:\vdjjj.exe51⤵
- Executes dropped EXE
PID:4316 -
\??\c:\pjpjd.exec:\pjpjd.exe52⤵
- Executes dropped EXE
PID:680 -
\??\c:\rrfxffx.exec:\rrfxffx.exe53⤵
- Executes dropped EXE
PID:2168 -
\??\c:\7ttnnn.exec:\7ttnnn.exe54⤵
- Executes dropped EXE
PID:4396 -
\??\c:\nhbtnn.exec:\nhbtnn.exe55⤵
- Executes dropped EXE
PID:4524 -
\??\c:\7flffrr.exec:\7flffrr.exe56⤵
- Executes dropped EXE
PID:4052 -
\??\c:\ttbbtb.exec:\ttbbtb.exe57⤵
- Executes dropped EXE
PID:3236 -
\??\c:\bnbnnh.exec:\bnbnnh.exe58⤵
- Executes dropped EXE
PID:4864 -
\??\c:\jvjjd.exec:\jvjjd.exe59⤵
- Executes dropped EXE
PID:3064 -
\??\c:\rlxrrll.exec:\rlxrrll.exe60⤵
- Executes dropped EXE
PID:4384 -
\??\c:\hnttnt.exec:\hnttnt.exe61⤵
- Executes dropped EXE
PID:3964 -
\??\c:\9djjd.exec:\9djjd.exe62⤵
- Executes dropped EXE
PID:952 -
\??\c:\rffffff.exec:\rffffff.exe63⤵
- Executes dropped EXE
PID:3640 -
\??\c:\rlrffff.exec:\rlrffff.exe64⤵
- Executes dropped EXE
PID:4856 -
\??\c:\hnbbth.exec:\hnbbth.exe65⤵
- Executes dropped EXE
PID:5116 -
\??\c:\fxrxxlf.exec:\fxrxxlf.exe66⤵PID:4808
-
\??\c:\lffxflx.exec:\lffxflx.exe67⤵PID:2612
-
\??\c:\vvvvp.exec:\vvvvp.exe68⤵PID:4744
-
\??\c:\llxxxxf.exec:\llxxxxf.exe69⤵PID:4924
-
\??\c:\hbnnhh.exec:\hbnnhh.exe70⤵PID:4456
-
\??\c:\jvdjj.exec:\jvdjj.exe71⤵PID:220
-
\??\c:\rlrlxrf.exec:\rlrlxrf.exe72⤵PID:768
-
\??\c:\lfxllff.exec:\lfxllff.exe73⤵PID:4060
-
\??\c:\hbbttn.exec:\hbbttn.exe74⤵PID:4244
-
\??\c:\vppjd.exec:\vppjd.exe75⤵PID:1144
-
\??\c:\rfllrxx.exec:\rfllrxx.exe76⤵PID:2524
-
\??\c:\frffxxf.exec:\frffxxf.exe77⤵PID:3880
-
\??\c:\tnhnhn.exec:\tnhnhn.exe78⤵PID:1688
-
\??\c:\pdjdp.exec:\pdjdp.exe79⤵PID:4880
-
\??\c:\xlflxfr.exec:\xlflxfr.exe80⤵PID:2748
-
\??\c:\frfxxxf.exec:\frfxxxf.exe81⤵PID:3676
-
\??\c:\nnbtbb.exec:\nnbtbb.exe82⤵PID:1408
-
\??\c:\vdvdp.exec:\vdvdp.exe83⤵PID:2564
-
\??\c:\dvdpj.exec:\dvdpj.exe84⤵PID:1448
-
\??\c:\1xxrrrr.exec:\1xxrrrr.exe85⤵PID:3636
-
\??\c:\9dvdd.exec:\9dvdd.exe86⤵PID:4920
-
\??\c:\pdjdv.exec:\pdjdv.exe87⤵PID:5024
-
\??\c:\1nthbt.exec:\1nthbt.exe88⤵PID:1028
-
\??\c:\vpvpv.exec:\vpvpv.exe89⤵PID:3548
-
\??\c:\rfrlfxl.exec:\rfrlfxl.exe90⤵PID:3424
-
\??\c:\3hnhhh.exec:\3hnhhh.exe91⤵PID:4600
-
\??\c:\7vdvv.exec:\7vdvv.exe92⤵PID:2460
-
\??\c:\dvdpp.exec:\dvdpp.exe93⤵PID:4832
-
\??\c:\xxrfrfr.exec:\xxrfrfr.exe94⤵PID:4308
-
\??\c:\9xrlffx.exec:\9xrlffx.exe95⤵PID:4088
-
\??\c:\bnbbbb.exec:\bnbbbb.exe96⤵PID:2660
-
\??\c:\jjdvv.exec:\jjdvv.exe97⤵PID:1400
-
\??\c:\thhhnt.exec:\thhhnt.exe98⤵PID:2316
-
\??\c:\thnttt.exec:\thnttt.exe99⤵PID:1916
-
\??\c:\pjjjp.exec:\pjjjp.exe100⤵PID:3520
-
\??\c:\vvvpj.exec:\vvvpj.exe101⤵PID:772
-
\??\c:\fxrllff.exec:\fxrllff.exe102⤵PID:1444
-
\??\c:\rfxrffr.exec:\rfxrffr.exe103⤵PID:396
-
\??\c:\nbhtbh.exec:\nbhtbh.exe104⤵PID:1452
-
\??\c:\7lfxxxx.exec:\7lfxxxx.exe105⤵PID:2384
-
\??\c:\tbttnt.exec:\tbttnt.exe106⤵PID:2152
-
\??\c:\3dppj.exec:\3dppj.exe107⤵PID:432
-
\??\c:\ppvvv.exec:\ppvvv.exe108⤵PID:1812
-
\??\c:\xxxxrrx.exec:\xxxxrrx.exe109⤵PID:4404
-
\??\c:\xrffffl.exec:\xrffffl.exe110⤵PID:3064
-
\??\c:\nbnhhh.exec:\nbnhhh.exe111⤵PID:1096
-
\??\c:\7bnntt.exec:\7bnntt.exe112⤵PID:2276
-
\??\c:\7vjdp.exec:\7vjdp.exe113⤵PID:952
-
\??\c:\9lxrffr.exec:\9lxrffr.exe114⤵PID:3900
-
\??\c:\tnnntt.exec:\tnnntt.exe115⤵PID:4856
-
\??\c:\tbtntt.exec:\tbtntt.exe116⤵PID:5068
-
\??\c:\jjddd.exec:\jjddd.exe117⤵PID:4312
-
\??\c:\nnbbbb.exec:\nnbbbb.exe118⤵PID:4744
-
\??\c:\pdjdv.exec:\pdjdv.exe119⤵PID:876
-
\??\c:\jdjpp.exec:\jdjpp.exe120⤵PID:3244
-
\??\c:\fffllxf.exec:\fffllxf.exe121⤵PID:2164
-
\??\c:\nthbnn.exec:\nthbnn.exe122⤵PID:3152